RELEASE.md

File metadata and controls

137 lines (111 loc) · 11.2 KB

liboqs version 0.7.2

About

The Open Quantum Safe (OQS) project has the goal of developing and prototyping quantum-resistant cryptography. More information on OQS can be found on our website: https://openquantumsafe.org/ and on GitHub at https://github.com/open-quantum-safe/.

liboqs is an open source C library for quantum-resistant cryptographic algorithms. Details about liboqs can be found in README.md. See in particular limitations on intended use.

liboqs can be used with the following Open Quantum Safe application integrations:

  • OQS-OpenSSL 1.1.1: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of OpenSSL 1.1.1; see the OQS-OpenSSL-1_1_1-stable branch of our OpenSSL fork's repository.
  • oqs-provider: A standalone prototype OpenSSL 3 provider enabling liboqs-based quantum-safe and hybrid key exchange for TLS 1.3, and post-quantum and hybrid X.509 certificate generation and CMS operations.
  • OQS-BoringSSL: A prototype integration of liboqs-based authentication and key exchange into TLS 1.3 in our fork of BoringSSL; see https://github.com/open-quantum-safe/boringssl.
  • OQS-OpenSSH: A prototype integration of liboqs-based authentication and key exchange into Secure Shell (SSH) version 2 in our fork of OpenSSH; see https://github.com/open-quantum-safe/openssh.

Several demos are available for using the above libraries in applications, including Apache, Chromium, curl, haproxy, nginx, and Wireshark. Performance of liboqs in several settings is measured at https://openquantumsafe.org/benchmarking/.

liboqs can also be used in the following programming languages via language-specific wrappers:

Release notes

This is version 0.7.2 of liboqs. It was released on August 21, 2022.

Security considerations

This release removes Rainbow level 1 and all variants of SIDH and SIKE due to cryptanalytic breaks of those algorithms. Users are advised to move away from use of those algorithms immediately.
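The advice above implies an audit step for anyone upgrading: check which algorithm identifiers a deployment (build flags, application configuration, negotiated TLS groups) still references and flag the families this release drops. The script below is an added example, not code from liboqs or the OQS project. It assumes liboqs-style identifiers of the form "family-parameterset" (for example "SIKE-p434" or "Rainbow-I-Classic"); the prefix table and the colon/comma-separated input format are constructed for the example, so adjust them to what your build actually reports.

```python
"""Flag configured algorithm identifiers that belong to families removed in
liboqs 0.7.2 (all SIDH/SIKE variants and Rainbow level 1).

Added example, not part of liboqs. The prefixes are an assumption about
liboqs naming ("<family>-<parameter set>"); only level 1 of Rainbow was
removed, so "Rainbow-III-..." and "Rainbow-V-..." must not match.
"""
import re
from dataclasses import dataclass

# Families removed in 0.7.2, with the reason given in the release notes.
# Prefix matching keeps the trailing hyphen so "Rainbow-I-" cannot match
# "Rainbow-III-" (an assumption about the identifier layout).
REMOVED_IN_0_7_2 = {
    "SIKE-": "SIKE removed due to break (https://eprint.iacr.org/2022/975)",
    "SIDH-": "SIDH removed due to break (https://eprint.iacr.org/2022/975)",
    "Rainbow-I-": "Rainbow level 1 removed due to break (https://eprint.iacr.org/2022/214)",
}


@dataclass(frozen=True)
class Finding:
    identifier: str
    reason: str


def find_removed(identifiers):
    """Return one Finding per identifier whose family was removed in 0.7.2.

    Matching is case-insensitive on the family prefix; identifiers from
    other families (Kyber, Dilithium, higher Rainbow levels) pass through.
    """
    findings = []
    for ident in identifiers:
        for prefix, reason in REMOVED_IN_0_7_2.items():
            if ident.lower().startswith(prefix.lower()):
                findings.append(Finding(ident, reason))
                break
    return findings


def parse_algorithm_list(text):
    """Split a colon-, comma- or whitespace-separated identifier list.

    This is a constructed input format for the example, not a real
    configuration syntax; empty entries are dropped.
    """
    return [tok for tok in re.split(r"[\s:,]+", text.strip()) if tok]


def audit(text):
    """Audit a configured algorithm list; returns {"ok": [...], "removed": [...]}."""
    identifiers = parse_algorithm_list(text)
    removed = find_removed(identifiers)
    removed_names = {f.identifier for f in removed}
    return {
        "ok": [i for i in identifiers if i not in removed_names],
        "removed": removed,
    }


if __name__ == "__main__":
    # Constructed sample configuration mixing retained and removed algorithms.
    sample = "Kyber512:SIKE-p434:Dilithium2,Rainbow-I-Classic Rainbow-III-Classic sidh-p751"
    report = audit(sample)
    for f in report["removed"]:
        print(f"REMOVED  {f.identifier}: {f.reason}")
    for name in report["ok"]:
        print(f"ok       {name}")
```

Run it against the algorithm list your application is built or configured with; any line marked REMOVED needs to be migrated before upgrading, since those identifiers will no longer exist in this release.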

What's New

This release continues from the 0.7.1 release of liboqs.

The goal of this release is to provide a final release for algorithms that were included in Round 3 of the NIST Post-Quantum Standardization project. As the security status of some algorithms changed during Round 3, it drops algorithms known to be broken as of release (Rainbow level 1, SIKE). Some algorithms also updated their specification during Round 3; version 0.7.2 does not incorporate any algorithm changes that result in different input/output behaviour compared to version 0.7.1; such changes will be included in version 0.8.0.

The next release of liboqs, version 0.8.0, will remove some algorithms that did not advance beyond NIST Round 3, update implementations based on algorithm/specification revisions that happened during Round 3, and begin to incorporate Round 4 changes. Discussion of algorithms to be removed in version 0.8.0 can be found in open-quantum-safe#1245.

Key encapsulation mechanisms

  • Kyber: Update implementation and switch use of symmetric crypto to OQS common code
  • HQC: Fix build on gcc-12
  • SIKE: Remove SIKE due to break (https://eprint.iacr.org/2022/975)

Digital signature schemes

  • Dilithium: Add ARMv8 optimized implementation and switch use of symmetric crypto to OQS common code
  • Picnic: Update implementation
  • Rainbow: Remove Rainbow level 1 due to break (https://eprint.iacr.org/2022/214)

Other changes

  • Add support for building on powerpc64
  • Update XKCP implementation
  • Improve SHA2 implementation on ARMv8
  • Improve AES implementation on ARMv8
  • Add aarch64 CPU feature detection on FreeBSD
  • Improve cross-compiling on Windows
  • Enable integration of liboqs into other CMake-based projects
  • Increment shared object library version

Detailed changelog

Full Changelog: https://github.com/open-quantum-safe/liboqs/compare/0.7.1...0.7.2